German Programmer Takes Responsibility for Heartbleed Vulnerability

The Heartbleed bug, the OpenSSL vulnerability that can be exploited to obtain sensitive information from affected servers, has made a lot of headlines this week. The bug is highly critical because it can be used to steal passwords, financial data, and the contents of communications. This is one of the biggest threats in Internet history.

About the Developer of HeartBeat in OpenSSL
Two years ago, a German programmer named Robin Seggelmann coded and developed a new feature in OpenSSL called Heartbeat. This secure open-source protocol is used by almost every website, including social networking sites, search engines, banks and financial organisations.

As we know, science (technology) is a boon for mankind and, in the same way, a bane. Heartbeat was a great feature to introduce to OpenSSL, but it cost him dearly, because this is where the most critical bug resides.

Seggelmann was just trying to improve OpenSSL by submitting updates to the team. But that same feature led to the critical vulnerability called "Heartbleed", as per The Guardian. Seggelmann submitted the OpenSSL code with the heartbeat feature in an update on New Year's Eve, 2011. This means the most critical threat has been around, unnoticed, for more than two years.

Open Doors to Cyber Criminals and NSA
The vulnerability in Heartbeat gives cyber criminals the chance to step up their operations, because it exposes a large number of cryptographic keys and private data, such as usernames, passwords, and credit card numbers, from the most important sites and services on the Internet.

The developer is responsible for what may be the biggest Internet vulnerability in recent history, but it was just a single programming error in the new feature: he did not notice the missing validation, and unfortunately the code reviewer also missed it before the feature was introduced in the newly released version.

"I am responsible for the error," Robin Seggelmann told The Guardian, "because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version."

"But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he said. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

Because Heartbeat was introduced two years ago, this critical vulnerability has existed for two years. According to recent updates, it is being said that the US National Security Agency (NSA) was aware of the Heartbleed vulnerability earlier.

But the NSA has denied knowing about Heartbleed, with a statement saying, "NSA was not aware of the recently identified Heartbleed vulnerability until it was made public."

Although Seggelmann denies putting the bug in the code intentionally, he said it could be entirely possible that government intelligence agencies had been making use of this critical flaw over the past two years.
"It is a possibility, and it's always better to assume the worst than best case in security matters, but since I didn't know [about] the bug until it was released and [I am] not affiliated with any agency, I can only speculate," he told The Sydney Morning Herald.